Abstract
Increasing numbers of computer security vulnerabilities mean that, more than ever before, internetworked computers are at risk from attack. Unfortunately, research to date has not found suitable solutions to these problems, and therefore further work is required in order to understand what is necessary to develop secure systems. This study sought to explore the relationship between the development process and the security of the fielded system. Specifically, an attempt was made to analyse the "real-world" security of three modern Unix systems, and this was compared with the consideration given to security during their development. The results not only show that a consideration of security at all phases of development leads to significantly more secure products, but also indicate the specific roles that each development phase plays in this process.
© 2000 Springer-Verlag Berlin Heidelberg
Payne, C. (2000). The Role of the Development Process in Operating System Security. In: Goos, G., Hartmanis, J., van Leeuwen, J., Pieprzyk, J., Seberry, J., Okamoto, E. (eds) Information Security. ISW 2000. Lecture Notes in Computer Science, vol 1975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44456-4_21
DOI: https://doi.org/10.1007/3-540-44456-4_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41416-2
Online ISBN: 978-3-540-44456-5